I want to promote a BDC to PDC

[Gregory]

We have 2 Domain controllers which need to be replaced:
- Windows Server 2000 SP4 (PDC) (dhcp, dns, schema masters, ...)
- Windows Server 2000 SP4 (BDC) (running exchange 2000)

I added 2 new servers to the domain (with adprep, ...)
So, now i have:
- Windows Server 2000 SP4 (PDC) (dhcp, dns, schema masters, ...)
- Windows Server 2000 SP4 (BDC) (running exchange 2000)
- Windows Server 2003 R2 SP2 x86 (BDC) (this one will replace the 2000 PDC and become PDC)
- Windows Server 2003 R2 SP2 x64 (BDC) (this one will replace exchange 2000 with exchange 2007 and stay BDC)

So the two 2000 servers have to go.
My problem is, how do i promote my Windows Server 2003 R2 SP2 x86 Backup Domain Controller to Primary Domain Controller?
(any tips I must not forget when installing exchange 2007?)

[withawhye-ng@yahoo.com]

Starting with W2K, there is no more PDC/BDC hierarchy; All DCs are
peers. Transfer FSMO roles to the 2K3 boxes and all should be well.

[Joshua Bolton]

How is it you are running AD but speaking in NT terms? W2K and AD have been
around for 7years. Might want to update your concepts file.

It is not recommended that Exchange be on a DC. It should be a member
server and not participate in the DC authenication load.

[jjj0923]

I hate to resurrect this thread but it seems like to right place to ask this question:

I just put together a new network - dns servers, domain controllers (2003 ad) and an isa firewall to accomodate a new verizon fios business line that will replace our existing T1 line.

I have a lot of user and computers defined in my existing domain controllers.

Basically what I want to do is to get a copy of the all of the users and computers off my existing DC to the new dc that will eventually be put in service, but I have to keep the old dc running as I migrate web servers and dns over to the new network.

so here's what I did. I created a dc controller and made it an additional dc in my network. I see that everything is now copied over.

I am getting ready to use the instructions here to transfer the roles over to the new DC : http://support.microsoft.com/kb/324801

BUT i do not want to cripple the old DC because my goal is to get the information on the new dc and then move it to my new network (as the primary dc) so that I can start to bring the new network live and gradually move users over the the new network.

will following the steps listed on the microsoft site cripple the old DC I am transferring from? and if so, how can I get what I need over the new DC and then promote it so that's the primary DC on the new network without crippling the old DC.

[Meinolf Weber [MVP-DS]]

Hello jjj0923,

"BUT i do not want to cripple the old DC because my goal is to get the information
on the new dc and then move it to my new network (as the primary dc) so that
I can start to bring the new network live and gradually move users over the
the new network"

What do you mean with this question exactly? If you have added an additional
DC to the existing domain, make sure it is Global catalog and DNS server(use
AD integrated zones) and move the FSMO roles to the new DC.

You are also talking about a NEW domain, please clarify this, is there a
NEW created forest/domain or do you still mean the existing one with the
additional DC that should get the FSMO roles?

You have to reconfigure the time service on the old and new PDCEmulator according
to:
http://technet.microsoft.com/en-us/l...42(WS.10).aspx

http://technet.microsoft.com/en-us/l...97(WS.10).aspx

BTW, forget the terms primary and secondary DC, since Windows 2000 this isn't
the case any more, all DCs are the same, only FSMO roles must be configured
to some rules.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> I hate to resurrect this thread but it seems like to right place to
> ask this question:
>
> I just put together a new network - dns servers, domain controllers
> (2003 ad) and an isa firewall to accomodate a new verizon fios
> business line that will replace our existing T1 line.
>
> I have a lot of user and computers defined in my existing domain
> controllers.
>
> Basically what I want to do is to get a copy of the all of the users
> and computers off my existing DC to the new dc that will eventually be
> put in service, but I have to keep the old dc running as I migrate web
> servers and dns over to the new network.
>
> so here's what I did. I created a dc controller and made it an
> additional dc in my network. I see that everything is now copied over.
>
> I am getting ready to use the instructions here to transfer the roles
> over to the new DC : http://support.microsoft.com/kb/324801
>
> BUT i do not want to cripple the old DC because my goal is to get the
> information on the new dc and then move it to my new network (as the
> primary dc) so that I can start to bring the new network live and
> gradually move users over the the new network.
>
> will following the steps listed on the microsoft site cripple the old
> DC I am transferring from? and if so, how can I get what I need over
> the new DC and then promote it so that's the primary DC on the new
> network without crippling the old DC.
>
> thanks in advance
>
> Jeff
>
> http://forums.techarena.in
>

[jjj0923]

you wrote:

Hello jjj0923,

"BUT i do not want to cripple the old DC because my goal is to get the information
on the new dc and then move it to my new network (as the primary dc) so that
I can start to bring the new network live and gradually move users over the
the new network"

What do you mean with this question exactly? If you have added an additional
DC to the existing domain, make sure it is Global catalog and DNS server(use
AD integrated zones) and move the FSMO roles to the new DC.

You are also talking about a NEW domain, please clarify this, is there a
NEW created forest/domain or do you still mean the existing one with the
additional DC that should get the FSMO roles?

You have to reconfigure the time service on the old and new PDCEmulator according
to:
http://technet.microsoft.com/en-us/l...42(WS.10).aspx

http://technet.microsoft.com/en-us/l...97(WS.10).aspx

BTW, forget the terms primary and secondary DC, since Windows 2000 this isn't
the case any more, all DCs are the same, only FSMO roles must be configured
to some rules.

Best regards

let me try to clarify.

Basically - all I want to do is CLONE the Domain Controller and put the new DC on a new network (new forest - where it will be the first domain controller)

what is the easiest way to do this?

Jeff

[Phillip Windell]

"jjj0923" <jjj0923.4a3kdb@DoNotSpam.com> wrote in message
news:jjj0923.4a3kdb@DoNotSpam.com...

> Basically what I want to do is to get a copy of the all of the users and
> computers off my existing DC to the new dc that will eventually be put
> in service, but I have to keep the old dc running as I migrate web
> servers and dns over to the new network.
>
> so here's what I did. I created a dc controller and made it an
> additional dc in my network. I see that everything is now copied over.

Ok,...so that was wrong. Undo that. Run DCPromo on this DC to demote it
back to a member server and then move it from a member to a workgroup
machine.

***Get back to where you were before you started,...before you did
anything,...because your whole premise is wrong***

Now run DCPromo again on the box to make it a *new* DC in a *new* Forest in
a *new* Domain. This has nothing to do with,...and is not related in any
way to,...the original Domain.

Do DNS Zone Transfers between this DC and the DC of the old Domain (doesn't
matter which DC, just pick one). Do this in both directions so that both
Domains are fully aware of the opposite Domain's Zone contents.

Create a Full Two-Way Trust between the two Domians

Add the Domain Admins Group to the Administrators Group of the opposite
Domain,...do this in both directions.

Add the Domain User Group to the Users Group of the opposite Domain,...do
this in both directions

Download and use the ADMT Tool to migrate Objects from one Domain to the
other. Do this *after* reading the Documentation for ADMT,...and only after
you really understand what you read. There are only a very few limited
ways to do it *right*,...and a whole bunch of ways to do it wrong.


--
Phillip Windell

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------

[Meinolf Weber [MVP-DS]]

Hello jjj0923,

So that DC should be added to an existing forest as DC? This isn't possible
that way. Then you have to use ADMT to migrate the domain tio the new forest.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> you wrote:
>
>> Hello jjj0923,
>>
>> "BUT i do not want to cripple the old DC because my goal is to get
>> the
>> information
>> on the new dc and then move it to my new network (as the primary dc)
>> so
>> that
>> I can start to bring the new network live and gradually move users
>> over
>> the
>> the new network"
>> What do you mean with this question exactly? If you have added an
>> additional
>> DC to the existing domain, make sure it is Global catalog and DNS
>> server(use
>> AD integrated zones) and move the FSMO roles to the new DC.
>> You are also talking about a NEW domain, please clarify this, is
>> there
>> a
>> NEW created forest/domain or do you still mean the existing one with
>> the
>> additional DC that should get the FSMO roles?
>> You have to reconfigure the time service on the old and new
>> PDCEmulator
>> according
>> to:
>> http://technet.microsoft.com/en-us/l...42(WS.10).aspx
>> http://technet.microsoft.com/en-us/l...97(WS.10).aspx
>>
>> BTW, forget the terms primary and secondary DC, since Windows 2000
>> this
>> isn't
>> the case any more, all DCs are the same, only FSMO roles must be
>> configured
>> to some rules.
>> Best regards
>>
> let me try to clarify.
>
> Basically - all I want to do is CLONE the Domain Controller and put
> the new DC on a new network (new forest - where it will be the first
> domain controller)
>
> what is the easiest way to do this?
>
> Jeff
>
> http://forums.techarena.in
>

[jjj0923]

Philip:

you wrote:

Now run DCPromo again on the box to make it a *new* DC in a *new* Forest in
a *new* Domain. This has nothing to do with,...and is not related in any
way to,...the original Domain.

ok - no problem I'm fine with this

Do DNS Zone Transfers between this DC and the DC of the old Domain (doesn't
matter which DC, just pick one). Do this in both directions so that both
Domains are fully aware of the opposite Domain's Zone contents.

why? - the dns on these boxes is caching only. I have no zones defined on my domain controllers.

Create a Full Two-Way Trust between the two Domians

How do I do this?

Add the Domain Admins Group to the Administrators Group of the opposite Domain,...do this in both directions.

Add the Domain User Group to the Users Group of the opposite Domain,...do
this in both directions

Download and use the ADMT Tool to migrate Objects from one Domain to the
other. Do this *after* reading the Documentation for ADMT,...and only after
you really understand what you read. There are only a very few limited
ways to do it *right*,...and a whole bunch of ways to do it wrong.

thanks I have all the documentation for the admt tool.

ps: would you be interested in doing this on a contract basis remotely through logmein?

how long should this take?

[Phillip Windell]

"jjj0923" <jjj0923.4a4vlb@DoNotSpam.com> wrote in message
news:jjj0923.4a4vlb@DoNotSpam.com...
> why? - the dns on these boxes is caching only. I have no zones defined
> on my domain controllers.

No they can't be. You have to have full AD integrated DNS Zones to even
have Active Directory in the first place. *All* DCs should have DNS running
Full AD Integrated Zones and would replicate between each other (both
directions). Can you have a DC without DNS if it uses "another" machine for
DNS?,....yes,....should you?,....no,....will it probably become a
disaster?,....probably.

>> Create a Full Two-Way Trust between the two Domians
>>
>
> How do I do this?

It should be in the ADMT Docs. If not it is easily googled from Ms's site.

> thanks I have all the documentation for the admt tool.
>
> ps: would you be interested in doing this on a contract basis remotely
> through logmein?
>
> how long should this take?

Depends on how big the environment is and how big a mess you have,...and how
complex the Business Applications are with moving, installling, sharing,
etc. There is no exact answer for this.
Sometimes it is better to cleanup and fix what you have then to create a new
domain and do a migration,...it just depends on how screwed up the original
is

I've been working on one for 5 months and it isn't quite finihsed yet,...but
they don't always take that long.

You cannot do this remotely,...it has to be done in person with feet on the
ground and hands on the keyboards. You would need to find a local service
company (consultant?) to come in there and help if you can't do it yourself.
There is only a few ways to do it "right" and a gazzillion ways to screw it
up.


--
Phillip Windell

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------